• Status: Solved
  • Priority: Medium
  • Security: Public

Security Lock Down

Hello, I am looking for software and/or a way to lock down all the PCs on a network to ensure they are secure from data theft directly from USB and other devices. We need the cut and paste facility disabled etc., and must ensure there is no way for data to be stolen directly and indirectly, i.e. emailing data etc., ensure no method of taking and connecting personal devices or printers etc. or bypassing systems, ensuring no method by which these devices can attach or link to remove data. We must also know if someone is trying to use third-party facilities, and ensure there is no way to load 3rd-party software onto systems to remove client data or somehow facilitate other mechanisms.

This might sound extreme, but that's what we need to do.

Please make suggestions and recommendations.
Scootek
 
farazhkhan Commented:
Hi,

Well, this will cover in detail what security you need to impose and how. Although this article is for securing terminal sessions, you can apply the same settings in a GPO to your domain users: http://support.microsoft.com/kb/278295

The only thing that would remain is USB blocking; you need to get a custom ADM for doing that. Check this: http://www.petri.co.il/disable_usb_disks_with_gpo.htm
or
http://support.microsoft.com/kb/555324

Regards,
Faraz H. Khan
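
A way to check that the USB blocking suggested above has actually taken effect on a PC, as an added example that is not part of the original answer or the linked articles. It assumes the block is applied by setting the storage driver services' Start value to 4 (disabled); the driver list and function names are illustrative.

```powershell
# Added example, not from the thread or the linked articles.
# Assumption: a driver counts as locked down when its service Start value is 4
# (disabled); the driver list is also an assumption, edit it to match your policy.
$ServicesRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$Drivers      = 'USBSTOR', 'Cdrom', 'Flpydisk', 'Sfloppy'

function Get-StorageDriverState {
    param([string[]]$Name = $Drivers)
    foreach ($driver in $Name) {
        $key   = Join-Path $ServicesRoot $driver
        $start = $null
        if (Test-Path $key) {
            $start = (Get-ItemProperty -Path $key -Name Start -ErrorAction SilentlyContinue).Start
        }
        if ($null -eq $start) { $state = 'NotPresent' }
        elseif ($start -eq 4) { $state = 'Disabled' }
        else                  { $state = 'ENABLED' }
        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            Driver   = $driver
            Start    = $start
            State    = $state
        }
    }
}

function Get-UsbStorageHistory {
    # Devices Windows has enumerated under USBSTOR: evidence that removable
    # storage was attached to this PC at some point.
    $enum = 'HKLM:\SYSTEM\CurrentControlSet\Enum\USBSTOR'
    if (-not (Test-Path $enum)) { return }
    Get-ChildItem $enum | ForEach-Object {
        $model = $_.PSChildName
        Get-ChildItem $_.PSPath -ErrorAction SilentlyContinue | ForEach-Object {
            [pscustomobject]@{
                Model        = $model
                Instance     = $_.PSChildName
                FriendlyName = (Get-ItemProperty $_.PSPath -ErrorAction SilentlyContinue).FriendlyName
            }
        }
    }
}

$report = Get-StorageDriverState
$report | Format-Table -AutoSize
Get-UsbStorageHistory | Format-Table -AutoSize
if ($report.State -contains 'ENABLED') { exit 1 }   # non-zero exit for a compliance job
```

Run it from an elevated prompt on each PC, or as a scheduled compliance job; a non-zero exit code means at least one of the listed drivers is still enabled.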
 
Eirman (Chief Operations Manager) Commented:
If you could restrict access to the PC case itself and just allow access to the monitor/keyboard/mouse, that would go a long way. Some PC cases allow padlocks to be fitted. You can very easily disconnect all your USB ports - this can never be circumvented unless the case is opened.

Whatever you do, make sure that your data is always encrypted - if someone walks out with your server under their arm, they will never be able to access the data. BestCrypt from jetico.com is very flexible. It allows you to set up an encrypted container for all your data and to assign, say, five passphrases to five people. You then decide that any, say, three of the five users can open the container.
 
Eirman (Chief Operations Manager) Commented:
Useful search term - pc kiosk software
 
McKnife Commented:
Scootek, give us some insight on what we have here.
I am asking because even with the most restricted settings, the user is still able to view the documents, right? If he can view those, he can bring a camera (inside his mobile maybe) and simply film the screen while reading through the documents. The recorded quality might be far better than you think.
So are you talking about thousands of documents (which would mean a lot of work doing film/photo recorded hard copies) or what?
 
Scootek (Author) Commented:
Hello Guys,

Thank you to everybody for their replies so far. As McKnife asked for more information, here it is:

Firstly, it's an organisation where data is very valuable (financial services) and employees will try and take data if they get a chance and sell it to a new employer or the highest bidder. The employees are generally highly educated and have very good knowledge of IT.

The current setup is that the PCs are acting as dumb terminals although they are fully fledged PCs. They are using hosted desktop (cloud).

If you need more info let me know. I would be willing to do whatever necessary to put in a serious solution.

What can I use to stop or disable the CUT AND PASTE facility?

McKnife, the camera point is pretty good - we will work on either stopping people taking in camera phones or putting on a screen that you can't picture.
 
Scootek (Author) Commented:
Thank you for your help.